A Web browser is used to access a Web site via the World Wide Web or via a local area network. Often a password is required in order to access restricted Web sites or Web pages, such as those used for online banking or for other types of transactions where security is desired. For added security, the connection between the user and the Web site—that is, the connection between the user's client device and the server hosting the Web site—can use a scheme such as HTTPS (Hyper Text Transfer Protocol Secure).
Nevertheless, there are existing form filler solutions that plug into Web browsers and act like password managers but allow unsecure and low integrity processes to have access to a user's password. These processes, as well as the Web browsers themselves, are susceptible to “malware” that can be used to steal a user's password. Also, techniques such as “phishing” and “screen scraping” can be used to steal a user's password. With the password, an adversary can gain access to private data and conduct unauthorized transactions, masquerading as the password's owner.
Accordingly, there is a need to improve the manner in which passwords are handled and protected.